Background: My company is keen on open source, and we've released a library that we recently developed. We struggled to find an AES library that was suitable for use on a micro-controller and also permissively licensed for use in closed-source software. I/we would appreciate any feedback that you have :)

That's a good way of searching for code that I haven't used before, thanks!

You have to be a bit careful with crypto code though, as there are lots of examples of it not being done properly. Having given it a quick glance, the library you mention (this one I believe: https://github.com/qistoph/ArduinoAES256/blob/master/aes256.cpp) has a variety of timing-attack vulnerabilities that make it unsuitable for use.

I'm sure there's probably one in the list that would fit the bill though!

You have to be a bit careful with crypto code though, as there are lots of examples of it not being done properly.

How could we be reassured that your product was coded properly?

It's open source.

I wasn't saying that I'd never use one of the other ones, I was just saying that you have to be careful. I only really mentioned it because the library that was referenced was vulnerable to side-channel attacks.

So, have you documented that the code passes standard tests or do we have to do that?

There's a link in the README to the Travis build which runs 2042 of the NIST test vectors against the source code every time the repository is updated. The "build: passing" icon will go red if any of those tests fail.